Slashdot Mirror
CA Sec. of State Panel on Open Source Elections
goombah99 writes "The Open Voting Consortium has announced that California Secretary of State Bruce McPherson is forming a panel to investigate using open source software in elections. Suggested Panel members include Security expert Bruce Perens and Python guru David Mertz who is associated with the sourceforge EVM2003 voting machine project. This is big since a favorable outcome could help fund prototypes of true open source election equipment and systems."
Now watch Microsoft and the *AA attacking this resolution on the ground that it is "unamerican" and fostering terrorism.
Paper and pencils can be made by anyone. Scrutineers are handy too; and scaleable.
Just ask yourself the following: "Who has more money to pay lobbyists -- Diebold or the Open Source Movement?"
I've abandoned my search for truth; now I'm just looking for some useful delusions.
This is very important in terms of keeping what's left of our democracy alive.
The number of abuses possible using Diebold's is simply staggering...
I'm impressed with a lot of the people campaigning against slimy voting machines - one is http://blackboxvoting.org/; there are people who have been devoting their lives to this since the last election... More then I'm good for!
Open Source voting machines will make it much easier for potential problems to be spotted, and a hell of a lot easier to get them fixed! The current companies don't really need to worry about fixing their problems - after all, what's wrong with fixing elections?
--LWM
I don't hold out much hope, especially since this is California - the land of the Guvernator. On the other hand, it is also the hotbed of the open source movement. So, there might be some hope.
What we really need is a tremendous scandal in an election: something like all votes are lost and Ross Perot gets elected to the school board, or something. Only then will people actually wake up and realize that they vote is easily in jeopardy from proprietary and unresponsive (and partisan, I might add) election powerhouses like Diebold.
let the flamebait mod down begin...
safe by design-- i.e., based on paper
Yes, because everybody knows that paper is a write-once, ready many system with built-in user authentication which cannot be hidden, destroyed, or otherwise tampered with.
terminals which print out an ink ballot
That's part of the push for open source voting systems - you have a hard copy for verification. There are much better ways than just having it print out who you voted for so that you can drop it in a box - for example, one method which I read about not only keeps a paper record (which the user never has to handle, but is there for recounts), but prints out a tracking number that the user can enter on the election board's website and verify that their vote is in the system and who it is listed as being for.
... in Siberia, where Putin killed a fish with a speargun. He later claimed it was killed by Ukrainian separatists.
A receipt, whether a plain-text record or a number you can use over the phone or the internet, makes coercion so easy as to be laughable. What happens when your employer support some particular ballot measure, sees it fail at the ballot box, and then has an off-the-record policy where you show your receipt to the right people, and if it that says you voted for the measure, it will be in your favour the next time layoffs come around? What about a union shop that wants to make sure people voted, and voted for the "right" people? How about the police department wondering who supported the tax increase to pay for more police officers?
Sadly, because there are so many ways to abuse a verification mechanism, I have to conclude that a secret ballot must be kept absolutely secret, even from the voter himself once he drops it in the ballot box. And that's why I still favour pencil and paper, or punched cards. At least there's something tangible to go back and recount.
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
I think they need to concentrate not on a system that's open-source, but on a system where you don't need to trust the hardware to be able to verify the results. Open-source would be nice, but IMHO the critical requirement is more that you should be able to determine whether the reported results are correct without having to put unconditional trust in any one part of the system.
Eg., a system where the terminal records your vote electronically, then produces a printed ballot with both human-readable and barcode on it. The barcodes can be scanned quickly, so it's possible to compare the electronic results to the printed ballots. A template of the barcode for each possible value can be used to let humans quickly determine whether the barcodes match the human-readable name. And the voter can verify before putting his printed ballot in the box that the human-readable names on his ballot match the way he voted. Securing the physical ballots is similarly amenable to methods that insure that it'd take an improbable conspiracy to actually succeed in tampering with them.
transparency is introduced as a means of holding public officials accountable and fighting corruption. When government meetings are open to the press and the public, when budgets and financial statements may be reviewed by anyone, when laws, rules and decisions are open to discussion, they are seen as transparent and there is less opportunity for the authorities to abuse the system in their own interest.
Closeness and secrecy tend to be associated with dictatorships and tyranny.
EvilCON - Made Famous by
No, I'm sorry, but that's not sufficient.
The compiler (which is executed as a binary) itself could be subverted.
The compiler can take the good friendly Open Source, compile like normal (for the most part,) but then inject some nastiness wherever it was programmed to.
Even observing the compilation of the compiler does not help, because someone can subvert the compiler that compiles the compiler.
What I recommend: Humans performing pencil & paper counting under scrutiny of video camera and representatives of competing parties. Distribute the video tapes of the counting process on the Internet, and maintain archives for at least 12 years.
If you are looking for the Open Voting Consortium website, it may be found at http://www.openvotingconsortium.org/.
The basic idea that the OVC promotes is that of a computer-assisted voting station (or stations, to accomodate different kinds of voters who have physical impairments) that produces a paper ballot that *is* the official ballot and that can be read by both humans and computers.
This goes one step beyond verified voting. Verified voting has paper records that serve as audit trails but that are not themselves the official ballots. The OVC system goes one step further and makes the paper that the voter sees and approves the actual ballot.
There are a lot of complexities in voting systems; the OVC system avoids many of these difficulties because it is really a conservative application of computers to traditional methods.
In addition, the OVC system, because it produces a paper ballot, can have many different kinds of voting stations to accomodate the different physical needs of different voters.
The OVC wants voting software to be, at a minimum, open to inspection and testing by anyone.
Personally, I can conceive of some people who might come up with clever user interface mechanisms to help voters deal with ballots - and I personally don't think that those mechanism need to be part of the open voting systems. However, the core aspects of creating, handling, and counting ballots should not be wrapped in inpenetrable proprietary shrouds - every voter must know for a fact that his/her vote has been correctly recorded and correctly counted.
By-the-way - full disclosure time - I'm on the Board of Directors of the OVC.
Don't just read my summary of the article - read on, they go into a lot of depth, completely backing up my position. You better get your own source which contradicts the Wikipedia version.
In fact, as mentioned in the Wikipedia article, the concept of the "American Dream" was really popularized by Horatio Alger, Jr, a writer who in his time was as big of a seller as Mark Twain. All of Alger's stories were the same general outline: a boy grows up in poverty, but through a combination of luck and hard work, he ends up wealthy.
... in Siberia, where Putin killed a fish with a speargun. He later claimed it was killed by Ukrainian separatists.
Canada does elections right.
They crack open the boxes at the precinct level. Anyone who wants to sit around and watch the counting is welcome to do so. Once the counters and witnesses sign off on a count, it's done and over with. All that remains is to transmit the precinct numbers, which could be easily done over the phone, with confirmation by transmitting the signed count document.
What's so hard about doing it that way and having the ballots just be big squares of newsprint with boxes you put an X inside?
Bruce
Bruce Perens.
It's 2 AM here in Norway, so I'm not going to write much else tonight.
Bruce
Bruce Perens.
Yes, because everybody knows that paper is a write-once, ready many system with built-in user authentication which cannot be hidden, destroyed, or otherwise tampered with.
It can be made so.
The trick here is to use an external system to verify the correctness of the voting system, called "election observers". The idea is that any person can volunteer to become an "election observer", and once they volunteer they get to sit around to verify that every voter is correctly verified and audited; ensure that everyone who comes in gets an equal chance to vote and put their vote in the box; and ensure that the box is correctly escorted and not tampered with. Because the "vote" is a piece of physical paper, this can all be done with relative ease. The database is a box. You can look at it.
When votes are electronic, this is not an option. You cannot sit there and stare at a Microsoft Access database file to ensure its integrity is preserved. You cannot sit and watch the electrons pouring over the ethernet cable to make sure none of them are being tampered with. You can of course write a computer program to do these things-- audit, observe, etc-- but then you run facefirst into a truly intractable security program, that of trusting trust. Okay, you've got this e-vote auditor program. How do you trust the auditor? How do you know the numbers the auditor is looking at are the ones that are really going into the database? How do you know the auditor hasn't been compromised?
When votes are physical objects marked in private booths and dropped into little boxes, we can trust the auditors because the task of auditing is simple, and because the auditors are numerous and diverse. Election stations will typically be watched by members of two or more political parties, meaning that if you wish to rig an election you can perhaps corrupt or fool a small number of the election observers but certainly not all of them. If you want to know how easily electronic auditors can be fooled en masse, well, look at every Microsoft worm ever. Then consider that the Nachi Worm successfully infected ATMs at banks, ATMs made incidentally by voting machine manufacturer Diebold...
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Bruce
Bruce Perens.
Better yet, just change the Wikipedia version and claim victory!
Its not clear what point you are making here.
- Is it they do other critical transactions so they must be good at it.
- Or is it that their ATM machines might be bad too.
If its the later, ATM machines are completely different problem from voting machines.
ATM machines have to have printers and provide a receipt at least as an option. Most of Diebold's machines have no printer and no option to get a receipt.
If Diebold's ATM machines start doing wrong transactions it would become immediately apparent to the bank and any customer who has a bookkeeping system.
ATM machines and bank transactions don't have to maintain anonymity of the user, voting systems do. It really complicates validation of the transaction.
A paper receipt, verifiable by the voter, deposited in a lock box and subjet to very random recounts would solve most of the uncertainty in electronic voting.
All in all open source would be better than closed source for electronic voting machines but it would provide zero certainty that the election still isn't being rigged electronically. The only two good ways to insure good elections are:
- paper ballets marked with a pencil, watch and counted like a hawk by multiple adverserial observers which works great in just about every country but America.
- if you have to do evoting, you have to have a printer, and a human verifiable receipt going in to a lockbox and hand recounted by adverserial.
@de_machina
First the OVC system is a hybrid. It has paper ballots and touchscreen entry and hand counting and electronic counting. The cool thing is they pull all of that off in way that is simple and workable, not layers of complexity.
Second, this hybrid is more secure than either paper ballots or electronic voting alone.
Third it's potentially very cheap. Various bussiness models can be applied. One is that cheap commodity hardware is used and the computers given away to schools after every election. That ways maintainence, storage and physical security costs are minimized. Another possible bussniess model is that OVC becomes a standard and certifies vendors to that standard. They can only use OVC software, which is open source. THus no funny bussiness but professionally run elections and reusable hardware. Of course states could own all their own hardware and conduct their own election set-ups just like they do now so there's no need for a radical bussiness plan.
since the hardware is very cheap, states can have excess numbers of voting stations per precint to elminate lines. when heavy turn-out is expected adding more stations is not a problem.
It can be booted clean from CD. so there are fewer risks with physcial security and the software is immutable and verifiable afterwards (compared to harddisk or firmware in which validating what software actually ran is difficult to prove later).
The OVC systems has many of the virtues of touchscreen voting such as handicapped and language assitance. It also can handle multiple jursidictions in a single precint
OVC is techincally not a DRE system. it's a ballot printer system
The OVC system also avoids the major pitfalls most other electronic systems have namely:
1) no roll fed paper ballots under glass. OVC uses cut sheets the voter puts in the ballot box
2) standalone ballot bar code readers are available and separate from the vote casting machine. this allows voters to independently validate the bar code or have it readback to them in audio mode in a way that prevents any machine collusion
3) standalone ballot counters. again zero collusion with the ballot printer.
If something goes wrong and the machine loses the votes, the paper ballots still function as aperfect record of the vote.
the OVC system has many exingencies worked out like what happens if a voter flees. What happens if the number of electronic ballots differed from the number of paper. and many others. Election's expert Doug Jones consulted on many of these features.
The basic process is this. Vote on the terminal and it prints our a single sheet ballot with an edge bar code and a summary of all your choices in human readable form. if you don't like it just discard the ballot and vote again. Since there's no "terminal activation" tokens there's no hassle to vote over. When you have a ballot on paper that you like you can optionally validate the bar code with a wand which will read it back to you. then you place it in the ballot box and go get drunk.
when the polls close the election judges open the sealed box. then in the presence of witnesses they shuffle all the ballots, permenantly destroying any serial vote order. Next they wand each ballot and a computer reads it in, diplays the english version of the ballot on screen, and correlates that vote with the previously recorded electronic record. There must be an electronic record for every ballot to prevent stuffing the ballot box. the election judge can spot check as many screen texts with the printed texts as they want so there is now a second check on the bar codes. The existance of even a single discrepancy in the bar code and the printed text would signify a software malfunction and appropriate steps taken. The bar code adds a number of secure features. First it can be made hard to forge and possibly contain signaures. Second it can contain checksums and handshaking codes to assure the code was read correctly (unlike a conventional hand marked paper ba
Some drink at the fountain of knowledge. Others just gargle.
http://www.bbvforums.org/forums/messages/1954/8556 .html?1122679073
8 .html?1122664155
:). And coming up with $10k in bail was a pain.
5 .html?1124737282 ...and I've taken the first step in suing 'em:
d f
http://www.bbvforums.org/forums/messages/1954/856
The good news is, it was only 18 hours. Still sucked
But the DA's office dropped all charges:
http://www.bbvforums.org/forums/messages/1954/942
http://www.equalccw.com/claimforcivildamagesnet.p
The mayhem from an OSS voting system in California could be potentially horrible for open source software. It's impossible to have an election with paper and pencil that doesn't get scrutinized. Hell, it was impossible for Florida to have an election with punch cards.
If paper and pencil or styli and punch cards can be questioned open source could be trashed by the media and politicans alike. It won't be long before Microsoft and HP roll out their own 'secure' and 'trusted' and 'robust' solution to mop up the mess.
This could also be a move to discredit open souce if the CA panel finds that OSS is too insecure to use for elections.
This seems like a bad idea to me. All it takes is one stupid reporter jacking up a mass emotional response by saying the OSS operating system has "known security flaws with well documented vulnerabilities that anyone can download off the Internet" to result in an (appointed) ludite judge ruling the machines are too insecure to use for an election. Watch the lawsuits fly off the wall faster than attorneys can catch them.
Before the OSS party line is toed too closely I see this posing a far greater risk to the general acceptability of OSS than the marketing armies of proprietary software companies.
The Luddites were ahead of their time.